Compliance with South African POPI Acts

The Document Warehouse | www.tdw.co.za | 011 298 0700

Ebook Developed by Virginia Hendricks


Post on 15-Apr-2018



THE POPI ACT

Compliance entails ensuring that your organisation is abiding by both your own industry regulations and government legislation.

Compliance = Role of Top Management

They are responsible for setting an organisation’s direction and communicating priorities to employees and stakeholders.

These include linking records management to the organisation’s requirements and goals, and understanding the risks associated with inadequate records management.


Records Management Programme

• Sound records management exists within the same regulatory framework that requires and governs good governance, accountability and transparency.

• At The Document Warehouse we offer a range of records management and storage solutions, with secure storage and record solutions that keep our clients' and their clients' information secure, whether it's paper, electronic or data. The Document Warehouse prides itself on top-notch barcoding techniques that safeguard you and your company's information.

Compliant with legislation?

Being compliant with legislation requires that organisations manage and control their records, from the time they are created to their eventual disposal or preservation of information.

Is Your Organisation Compliant With Legislation?

Compliant Checklist

• Is your Records Management programme able to meet compliance requirements of security, regulations, principles and standards?
• Are your emails and web pages managed as records?
• Can you find the right documents and records when you need them?
• Do workflow and business processes work with documents and records management to help increase efficiency within your company?

Records Management is about attaining a records management benchmark of “best practice”, i.e. ISO 15489.

Best Practice of a Records Management Programme

● Policies
● Procedures (SOP)
● Business Classification System/Naming Convention for files/records
● Retention and disposal schedule for records
● Continuous Records Management Training to all employees

Non-Compliance!

“Your organisation cannot be compliant if your records are not being managed properly!”

Virginia Hendricks, National Training Consultant, The Document Warehouse

Dedicated to service

The Document Warehouse (TDW) is about helping organisations become compliant.

We are passionate about managing your company records and are here to help you with your records management.

Protection of Personal Information Act 4 of 2013

Companies will soon be required to comply with the stringent Protection of Personal Information (POPI) Act. This is going to regulate how we handle, store and secure personal information.

The POPI Act was signed into law during November 2013; the commencement date will be announced later this year!

However, one should start implementing solutions now to avoid fines or prosecution.

Disclaimer: Information shared and distributed relating to POPI is based on The Document Warehouse internal employees' interpretation of the Act and information available in the public domain. The Document Warehouse does not profess this information to be a conclusive or comprehensive formal guide to POPI. People should at all times refer to the Act itself.

Who Must Comply?

● Personal information / entity,
● His or her or its

Purpose of the Act

● Promote the protection of personal information
● Introduce certain conditions
● Establishment of an Information Regulator
● Perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act,
● Issuing of codes of conduct;
● Rights of persons regarding unsolicited electronic communications
● Regulate the flow of personal information across the borders of the Republic.

Purpose Of POPI

POPI brings the country in line with international laws on privacy.

● Data Protection Act 1998 (United Kingdom)
● Data Protection Directive (European Union)
● Data protection and privacy laws (Russia)
● Electronic Communications Privacy Act (United States)
● Personality rights
● Privacy Act of 1974 (United States)
● Privacy Act 1988 (Australian)
● Right to be forgotten
● Protection of Personal Information Act 4 of 2013 (SA)

8 Core Conditions To POPI

1. Accountability
2. Processing Limitations
3. Purpose Specifications
4. Further Processing
5. Information Quality
6. Openness
7. Security Safeguards
8. Data Subject Participation

Accountability / Processing Limitations

➔ Take steps to notify the ‘data subject’:
➔ The individual whose information is being processed has the right to know this is being done and why.
➔ The data subject must be told the name and address of the company processing their information.
➔ In addition, he or she must be informed as to whether the provision of the information is voluntary or mandatory.
➔ The processing must be lawful
➔ Personal information may only be processed if it is adequate, relevant and not excessive given the purpose for which it is processed.
➔ Define the purpose of the information gathering and processing:
➔ Personal information must be collected for a specific, explicitly defined and lawful purpose that is related to a function or activity of the company concerned.

Purpose Specification / Further Processing Limitation

➔ The rationale for any further processing: If information is received via a third party for further processing, this further processing must be compatible with the purpose for which the data was initially collected.
➔ Personal information must not be retained any longer than is necessary.
➔ Personal information must be destroyed or deleted as soon as the purpose for collecting the information has been achieved.

Information Quality

Information must be complete and should never be misleading. At the same time information should be relevant and updated on a regular basis.

All information must be accurate and credible at the time of acquiring it. This will ensure that quality information is collected, managed and stored correctly.

Openness / Security Safeguards

➔ Security measures on integrity and confidentiality of personal information: take appropriate, reasonable technical and organisational measures to prevent loss of, damage to, or access to personal information.

Audit the processes used to collect, record, store, disseminate and destroy personal information:

Companies must ensure the integrity and safekeeping of personal information in their possession or under their control.

They must take steps to prevent the information being lost or damaged, or unlawfully accessed.

Data Subject Participation

Access

Part A
● Access to personal information
● Correction of personal information
● Manner of Access

Part B
● Process and Authorisation concerning data subject’s
● Religious and philosophical beliefs
● Race or ethnic origin
● Trade union membership
● Political persuasion
● Health or sex life
● Criminal behaviour or biometric information.

Part C
● Processing of information of children

Notify the Information Protection Regulator:

• When the POPI is enacted and a Regulator established, organisations processing personal information will have to notify the Regulator about their actions.

They will also have to notify the Regulator of any requests for information (PAIA) and/or personal information (POPI).

What happens if you don’t comply?

● Suffer reputational damage
● Lose customers and fail to attract new ones
● Pay out millions in damages to a civil class action
● Be fined up to R10 million or face up to 10 years in jail
● This is serious, you need to take action now.
● Raise your Awareness
● Raise employees' awareness

Is Your Business Compliant?

Are you ready to implement the POPI Act into your business, to safeguard your information and records?

The Document Warehouse has the right solution for you. Book your POPI Workshop with our training academy by calling us or visiting our website for more information.

Let's help you get ready before it’s too late.

Our Team Are Ready To Assist You

The Document Warehouse

South Africa's Professional Document Solution Leaders Since 1992